It seems we have some reoccurring questions on the mailing list:
1) LIBPATH (and variations) being wiped out by sudo for security reasons.
2) Adding rules that basically give wide open root access, and then back off
the "dangerous" commands.

I propose that as a group we answer these questions and then ask Todd to add
them to the FAQ.

Q: I am running command X and it needs to have LIBPATH set a particular way
in order to run. How do I tell sudo to not wipe out LIBPATH for this
particular command?
A: sudo wipes out LIBPATH because there are well known and easy to execute
attacks by manipulating LIBPATH. The solution is to use a simple wrapper
script that resets LIBPATH before it executes the command. Although scripts
executing as root are generally frowned upon, the real danger is in complex
scripts that accept user input. Simple wrapper scripts pose little danger
and are certainly less of a problem than maintaining LIBPATH. Here is a
sample:

    #!/bin/bash
    unset PATH  # unsetting PATH forces the script to use full paths to commands
    export LIBPATH=/your/lib/path/here   # placeholder: your lib path here
    /bin/your_command_here               # placeholder: full path to your command here

Q: I need to give a user full root access to a machine. How do I prevent
him from doing anything dangerous?
A: anyone, anyone?

Q: I need to give a user full root access to a machine. How do I log
everything he does in a way that he cannot circumvent?
A: anyone, anyone?
--
Michael Potter
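
Added example, not part of the original post: a sketch of the wrapper idea that goes one step further and refuses to run if any LIBPATH entry could be modified by someone other than its owner, since a writable library directory would bring back the problem sudo avoids by clearing the variable. The function names, the use of /usr/bin/env and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Sample paths are constructed.

# True if $1 is an absolute path to a real directory (not a symlink) owned by
# user $2 and writable by neither group nor others. Parent directories are
# not checked.
dir_is_trusted() {
    case $1 in /*) ;; *) return 1 ;; esac
    [ -n "$(find "$1" -prune -type d -user "$2" \
            ! -perm -0020 ! -perm -0002 2>/dev/null)" ]
}

# True if every entry of the colon-separated list $1 passes dir_is_trusted
# for owner $2 (default: uid 0). Empty entries are rejected.
# The body runs in a subshell so the IFS and noglob changes stay local.
libpath_is_safe() (
    case ":$1:" in *::*) exit 1 ;; esac
    owner=${2:-0}
    IFS=:
    set -f
    for d in $1; do
        dir_is_trusted "$d" "$owner" || exit 1
    done
    exit 0
)

# Check the list, then replace this shell with command $2, started from an
# empty environment that contains only LIBPATH. Both values must be constants
# written into the wrapper, never user input.
run_with_libpath() {
    libpath_is_safe "$1" "${3:-0}" || {
        echo "refusing to run: untrusted LIBPATH entry in '$1'" >&2
        return 1
    }
    exec /usr/bin/env -i LIBPATH="$1" "$2"
}

# Constructed sample: "." is a relative entry, so the list is rejected.
libpath_is_safe "/usr/lib:." || echo "rejected: /usr/lib:."
```

A wrapper would end with a single call such as `run_with_libpath /your/lib/path/here /bin/your_command_here`, with both values hard-coded.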